Registration Tips

Does anyone have any tips on registration methods? Basically, what I want to do is pop up an annoying dialog on startup that doesn't go away for 10 seconds. I wouldn't know how to make each version of my application have a different serial number, and then know whether it has been typed in or not. Any Tips/Tutorials/Suggestions?

Golden rule: don't concern yourself too much with it. Complex, secure registration is fine for apps like Unity but probably not worth implementing in something smaller. You just have to do enough to discourage the average user from using it illegally.

Also, remember this: There will always be pirates so determined not to pay that they will crack it. So the best you can do is make it really annoying toâ€”like making them recrack it on every update.

Anyway, if you want something good, take these steps:
1. Get a name from the register.
2. assign them a serial number that is *somehow* a hash that will has never and will never be used again.
3. everytime you start up the app, ask the server whether a) the name and serial number are registered/match, and b) if they're a flagged pirate.

I wouldn't bother with all that. I went to quite extreme efforts earlier on to try to stop piracy and it all it meant was that there were a bunch of bugs in the complexity that caused honest users to be unable to register.

At the end of the day if you have a successful app it will get pirated regardless of the measures you take, and most likely not by people who would buy it. Make it easy for honest people to register, and ignore the pirates at least until you know that piracy is a problem for you.

So what would be the simplest way to implement registration? An online database with names and serial numbers sounds pretty easy, but my web hosting puts a 5-page limit on my site, and I am using those 5 pages. I think I will just take my chances with pirates, as this is my first/second app anyway.

What if I just had a system that generates a serial number based on a person's name, and then had a decoder built into the app that checked to see if the users name matches the serial number(when decoded)?

Actually, you can google for discussions about AP all over the place, not just here.

BeyondCloister Wrote:A quick search on Google provides an article saying how it is flawed and easy to bypass. So maybe not such a good idea after all?

It can easily be bypassed with a runtime attack or binary attack. You can never protect against those anyway -- well, I guess you can try to slow them down, but I don't really see the point. If someone wants to cut into my program by injecting code at runtime and bypassing the security, there is absolutely nothing I can do to stop them. Likewise with the binary, except I can tell them to stop distributing the cracked binary. It's a losing battle. An AquaticPrime-type system is about as practical as it gets for keeping the honest people honest. It's so simple anyway that you can re-implement it yourself to make it at least slightly more difficult for crackers to find the validation code every version if you wish... but then you're falling into the trap of playing cat and mouse with them all the time. See dog chasing tail.

Well, again, those who want to crack it enough will; there is NO copy protection that cannot be broken with enough thought and hackery. But the simplest protection will bug most people enough to buy the software anywayâ€”getting the number of pirates down to one in a hundred is a lot simpler than it sounds.

Just remember: The best copy protection is good software that people will WANT to buy and ease of purchase. You can see this everywhereâ€”Apple, Amazon, Nintendo, heck, our own Danlab. Ease of use and purchase is the key to happy, paying customers.

EDIT: And, for an example of software so shitty and expensive that it is one of the most pirated pieces of software everâ€”Windows XP.

My two cents: I use AquaticPrime and implement a couple things with it that pretty much keep the honest people honest and make it a bit harder to attack it but really, anyone with any bit of skill could figure out what I'm doing and work around it.

So once I have AP going in a project, I just use it to display a donation nag panel every few runs to remind people to donate with buttons to immediately dismiss it, go to my donation page, or validate a license file. The application itself is not crippled in any way and any donation amount will get you a license file (provided you tell me which project you're donating for). The way I figure it, people that run my stuff a lot will see the donation page a lot more than people who don't and be more inclined to send some money my way. So far, it works out pretty well.